AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 87
A company recently implemented an architecture in which all the systems and components of the company's SAP environment are hosted on AWS. Front-end users connect from the corporate data center. SAP application servers and database servers are hosted in a private subnet.
The company has the following requirements:
• Ensure that the instances in the private subnet can connect to the internet and other AWS services.
• Prevent instances from receiving inbound traffic that is initiated by someone on the internet.
• For SAP support, allow a remote connection between the company's network and SAP. Ensure that access is available to the production environment as needed.
Which solution will meet these requirements?
Answer options
- A. Use a NAT gateway to ensure connectivity between the instances in the private subnet and other AWS services. Deploy SAProuter in a public subnet. Assign a public IP address that is reachable from the internet.
- B. Use NAT instances to ensure connectivity between the instances in the private subnet and other AWS services. Deploy SAProuter in the private subnet with an Elastic IP address that is reachable from the internet.
- C. Use a bastion host to ensure connectivity between the instances in the private subnet and other AWS services. Set up an AWS Direct Connect connection between the SAP support network and the AWS Region where the architecture is implemented.
- D. Use an internet gateway to ensure connectivity between the instances in the private subnet and other AWS services. Deploy SAProuter in a public subnet. Assign a public IP address that is reachable from the internet.
Correct answer: A
Explanation
Option A is correct because a NAT gateway lets the instances in the private subnet initiate connections to the internet and other AWS services while preventing inbound traffic that is initiated from the internet, and because SAProuter in a public subnet with a public IP address is reachable over the internet for SAP support. Options B and C do not meet all requirements: they either place SAProuter in the wrong subnet or lack adequate internet connectivity. Option D incorrectly suggests using an internet gateway, which would expose the private subnet to inbound traffic from the internet.